package cn.tedu;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Scanner;

public class Demo02 {
    public static void main(String[] args) {
        Scanner sc = new Scanner(System.in);
        System.out.println("请输入英雄名");
        String name = sc.nextLine();
        System.out.println("请输入英雄价格");
        int money = sc.nextInt();
        //获取连接
        try (Connection conn = DBUtils.getConn()){
            String sql = "insert into hero values(null,?,?)";
            //因为SQL语句中有变量所以创建预编译的SQL执行对象 避免出现SQL注入漏洞
            PreparedStatement ps = conn.prepareStatement(sql);
            //替换?
            ps.setString(1,name);
            ps.setInt(2,money);
            //执行SQL语句
            ps.executeUpdate();
            System.out.println("添加完成!");
        } catch (SQLException throwables) {
            throwables.printStackTrace();
        }
    }
}
